Wireless remote sensors are used extensively in wireless networks for monitoring purposes. Wireless sensors are becoming more utilized in industrial applications. One major use for wireless sensors is the monitoring of industrial equipment. The sensors provide low cost, low power alternatives to historic monitoring methods, such as physically inspecting equipment. The benefit to having wireless sensors is lost, however, when a sensor begins to behave unexpectedly. The behavior of a sensor is dictated by software installed on the sensor. If a sensor has uncorrupted user-installed software, the behavior of the sensor is predictable, and monitoring results can be assumed to be accurate and precise. However, if an attacker installs a virus or the software otherwise becomes corrupted, the sensor may begin to behave erroneously. Remote verification of the wireless sensors is therefore needed to ensure that all software on the wireless sensors is uncorrupted.
A typical node in a wireless sensor network has very limited resources. Cryptographic signing of the software using public keys as a means of software verification is thus impractical due mainly to the hardware limitations of the wireless sensor nodes. Currently, only time-based software verification protocols have been developed. Time-based verification protocols rely on the time taken to complete a given cryptographic operation on the software resident in the sensor node. Particularly, a verifier node first issues a challenge to a sensor node via the network. In response, the sensor node performs calculations using software installed on the sensor node. The sensor node completes the calculation and transmits the results back to the verifier node. Both the results of the calculation and the time needed to perform the calculation are examined. After the verifier node checks the time, if the result is accurate and the time needed to perform the calculation and report the results falls within an accepted time window, the requester verifies the software installed on the sensor node. However, the time based aspect of this approach can result in inaccurate timestamps if there are a large number of hops, or physical network steps between the verifier and the subject, i.e., a large number of network nodes through which the response must travel from the verifier to the sensor and back. Random delays introduced during transit of a verification packet in a sensor network can mask the time signature of a given software challenge result. Depending on the topography of a network, the number of hops can be arbitrarily large, and random delays can add together to create a scenario where software is deemed to be corrupted because of long time delays, even though the software may be running appropriately.
Therefore, it is an object of the present invention to provide a way of verifying wireless sensor software without introducing the possibility of random time delays due to a large number of hops.